1. Home
  2. Groups
  3. ALLANITE

ALLANITE

ALLANITE is a suspected Russian cyber espionage group, that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly, although ALLANITEs technical capabilities have not exhibited disruptive or destructive abilities. It has been suggested that the group maintains a presence in ICS for the purpose of gaining understanding of processes and to maintain persistence. [1]

ID: G1000
Associated Groups: Palmetto Fusion
Contributors: Dragos Threat Intelligence
Version: 1.0
Created: 31 May 2017
Last Modified: 24 May 2022
Version Permalink
ICS Layer
download view

Techniques Used

Domain ID Name Use
ICS T0817 Drive-by Compromise

ALLANITE leverages watering hole attacks to gain access into electric utilities. [2]
ICS T0852 Screen Capture

ALLANITE has been identified to collect and distribute screenshots of ICS systems such as HMIs. [1] [3]
ICS T0865 Spearphishing Attachment

ALLANITE utilized spear phishing to gain access into energy sector environments. [4]
ICS T0859 Valid Accounts

ALLANITE utilized credentials collected through phishing and watering hole attacks. [1]

References

  1. Dragos Allanite Retrieved. 2019/10/27
  2. Eduard Kovacs 2018, May 21 Group linked to Shamoon attacks targeting ICS networks in Middle East and UK Retrieved September 12, 2024.
  1. ICS-CERT 2017, October 21 Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors Retrieved. 2017/10/23
  2. Jeff Jones 2018, May 10 Dragos Releases Details on Suspected Russian Infrastructure Hacking Team ALLANITE Retrieved. 2020/01/03